© The Indian Express (P) Ltd
Tags:
Journalism of Courage
The Ministry of Electronics and Information Technology on Friday asked the Delhi High Court to step in and restrain WhatsApp from rolling out its new privacy policy.
Citing several Supreme Court judgments, the Ministry has said that since the highest court of the land had placed a responsibility upon it to come out with a “regime on data protection and privacy”, which would “limit the ability of entities” such as WhatsApp to issue “privacy policies which do not align with appropriate standards of security and data protection”, WhatsApp must be stopped from rolling out the services.
In a counter-affidavit, the IT Ministry has listed five major violations of the current IT rules that the new privacy policy of WhatsApp, if rolled out, could entail.
Earlier, the Ministry had written to the instant messaging platform’s global CEO Will Cathcart, asking him to withdraw the latest privacy and policy update, which it had said enabled WhatsApp and other Facebook companies “to make invasive and precise inferences about users”.
The first, the IT Ministry said in its affidavit, is that WhatsApp failed to specify the type of sensitive data being collected by it, which is a violation of Rule 4 (1) (ii) of the IT Rules of 2011.
Rule 4 (1) (ii) says that any corporate or person who collects, receives, stores, deals or handles information “shall provide a privacy policy for handling of or dealing in personal information including sensitive personal data or information” and also specify the types of sensitive data being collected.
The second violation, the Ministry said, was with respect to collection of information. Rule 5 (3) of the IT Rules says that any person or corporate collecting information shall notify the user if it is collecting any sensitive information, the purpose for which it is being collected, and the intended recipients of the said information.
In the new privacy policy, WhatsApp has also failed to provide the user an option to review or amend the users’ information being collected by it.
“The privacy policy is completely silent on correction/amendment of information. It appears to provide an option to ‘further manage, change, limit, or delete your information’ of the policy, but upon close perusal, it is apparent that this ability is limited to a user’s profile name, picture, mobile number, and the ‘about’ information,” the Ministry said in the affidavit, alleging that it violated Rule 5 (6) of the IT Rules.
Apart from these, the new WhatsApp privacy policy, also fails to provide users an option to withdraw consent on data sharing retrospectively, and fails to guarantee non-disclosure by third parties, which violate Rule 5 (7) and Rule 6 (4) of the IT Rules of 2011
